Federated Learning (FL) has been proposed as a privacy-preserving solution for machine learning. However, recent works have reported that FL can leak private client data through membership inference attacks. In this paper, we show that the effectiveness of these attacks on the clients negatively correlates with the size of the client's datasets and model complexity. Based on this finding, we study the capabilities of model-agnostic Federated Learning to preserve privacy, as it enables the use of models of varying complexity in the clients. To systematically study this topic, we first propose a taxonomy of model-agnostic FL methods according to the strategies adopted by the clients to select the sub-models from the server's model. This taxonomy provides a framework for existing model-agnostic FL approaches and leads to the proposal of new FL methods to fill the gaps in the taxonomy. Next, we analyze the privacy-performance trade-off of all the model-agnostic FL architectures as per the proposed taxonomy when subjected to 3 different membership inference attacks on the CIFAR-10 and CIFAR-100 vision datasets. In our experiments, we find that randomness in the strategy used to select the server's sub-model to train the clients' models can control the clients' privacy while keeping competitive performance on the server's side.
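The sub-model selection step the abstract refers to, as an added and constructed illustration in Python (not code from the paper): a server holds a hidden layer of 8 units and each client trains a 50% sub-model chosen by one of three assumed strategies ('static', 'rolling' and 'random' are placeholder names, not the paper's taxonomy). The coverage measure shows how many server units a client's data ever touches across rounds, which is where deterministic and randomised selection differ.

```python
import random
# Constructed toy server model: one hidden layer of 8 units, each row being
# that unit's incoming weights over 4 inputs. Values are placeholders.
SERVER_HIDDEN = [[float(i) + j / 10 for j in range(4)] for i in range(8)]

def select_units(n, width, strategy, rnd, rng):
    """Indices of the server's hidden units a client's sub-model keeps.
    'static': first k units every round; 'rolling': a contiguous window that
    shifts each round; 'random': k units sampled each round (names assumed)."""
    k = max(1, int(n * width))
    if strategy == "static":
        return list(range(k))
    if strategy == "rolling":
        return [(rnd * k + i) % n for i in range(k)]
    if strategy == "random":
        return sorted(rng.sample(range(n), k))
    raise ValueError(f"unknown strategy {strategy!r}")

def aggregate(server, updates):
    """Write client rows back into server positions: a unit gets the mean of
    every client row that trained it; units no client selected are unchanged."""
    sums, counts = {}, {}
    for idx, rows in updates:
        for i, row in zip(idx, rows):
            acc = sums.setdefault(i, [0.0] * len(row))
            for j, v in enumerate(row):
                acc[j] += v
            counts[i] = counts.get(i, 0) + 1
    return [[v / counts[i] for v in sums[i]] if i in counts else list(server[i])
            for i in range(len(server))]

def simulate(strategy, rounds=3, n_clients=2, width=0.5, seed=0):
    """Run a few rounds with a stand-in for local training (a per-client delta).
    Returns the final server rows and each client's unit set per round."""
    rng = random.Random(seed)
    server = [list(r) for r in SERVER_HIDDEN]
    history = []
    for rnd in range(rounds):
        updates = []
        for c in range(n_clients):
            idx = select_units(len(server), width, strategy, rnd, rng)
            trained = [[v + 0.1 * (c + 1) for v in server[i]] for i in idx]
            updates.append((idx, trained))
            history.append(set(idx))
        server = aggregate(server, updates)
    return server, history

def coverage(history, n):
    """Fraction of server units that at least one client sub-model ever held."""
    return len(set().union(*history)) / n
```

With the static strategy half of the server's units are never trained, while the rolling and random strategies reach all of them; the random strategy additionally gives different clients different units within the same round.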